Duke's WLAN pummeled by 'misbehaving' iPhones - report

in iPhone edited January 2014
The Wi-Fi implementation within Apple's new iPhone handset appears to be the source of a big headache for network administrators at Duke University, according to a published report.



Writing for Network World, John Cox claims that the built-in 802.11b/g adapters on several iPhones periodically flood sections of the Durham, N.C. institution's pervasive wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time.



"Misbehaving iPhones" are reportedly flooding the access points with up to 18,000 address requests per second, or nearly 10Mbps of bandwidth. As a result, the access points show up as "out of service" for 10-15 minutes at a time, during which there's no way to communicate with them, said Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology.



"Because of the time of year for us, it's not a severe problem," Miller said. "But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones?"



Duke's network team is reported to have identified the Apple handsets as the cause of the issue after capturing wireless traffic for analysis. Cox said the requests are for what is, at least for Duke's network, an invalid router address. However, the source of the bad router addresses has not yet been isolated.



"Devices use the Address Resolution Protocol (ARP) to request the MAC address of the destination node, for which it already has the IP address," he wrote. "When it doesn't get an answer, the iPhone just keeps asking."



Duke's IT department is said to have filed a help desk ticket with Apple over the matter, but so far communication with the iPhone maker has been "one-way," Cox added.



While Apple is reported to have "escalated" the university's help request, it hadn't yet provided anything substantive as of Monday afternoon.

Comments

  • Reply 1 of 48
    maestro64 Posts: 5,043 member
    Ah, it sounds like the network is doing something wrong, it is getting a valid request for a MAC address and it appears to be ignoring it. They probably set up their network to do this since they only allow authorized systems to make a request and get on the network.



    Since their network configuration is essentially now ignoring the request and the iPhone sees a valid network and keeps making the request it is the phone's problem?



    I think they should look at their network and fix the problem with the equipment timing out for probably security reason to keep hackers from compromising the network.



    If the phone was misbehaving and just flooding a network, I believe this would have shown up elsewhere, especially on Apple's own campus.
  • Reply 2 of 48
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by Maestro64 View Post


    Ah, it sound like the network is doing something wrong, it get a valid request for a MAC address and it appears to be ignoring it, They probably set up their network to do this since they only allow authorized systems to make a request and get in the network.



    While it's possible that the iPhone can be optimized to not send requests as frequently, the fact that routers are being knocked off line by an unintentional DoS attack is the fault of the network administrators.
  • Reply 3 of 48
    kickaha Posts: 8,760 member
    Ayup, this is the only network reporting this.



    At UNC, just down the road, the *entire network* is one giant flat space. Flat. Think about that for a moment. Every machine, in every dorm, in every office, in every WiFi spot (which is the entire campus). It. Is. Insane. (The CS Dept is reviled among campus IT for being 'different' and not 'playing ball'... they realized how dumb that was, and made their own network. Guess which departmental network is the one that *doesn't* go down more often than a $5 hooker during Fleet Week?)



    Since Duke is known for playing catch-up to UNC, I wouldn't be surprised if they followed suit.



    My 'sources' at Cisco are pretty sure that's what's happening - Duke has a too-flat network, and have been relying on more or less static device behavior. Now that assumption is broken, and they're paying the price for their configuration. Me? I have no opinion or speculation, I just pass along the expert opinion.
  • Reply 4 of 48
    MacPro Posts: 19,728 member
    Quote:
    Originally Posted by Kickaha View Post


    Ayup, this is the only network reporting this.



    At UNC, just down the road, the *entire network* is one giant flat space. Flat. Think about that for a moment. Every machine, in every dorm, in every office, in every WiFi spot (which is the entire campus). It. Is. Insane. (The CS Dept is reviled among campus IT for being 'different' and not 'playing ball'... they realized how dumb that was, and made their own network. Guess which departmental network is the one that *doesn't* go down more often than a $5 hooker during Fleet Week?)



    Since Duke is known for playing catch-up to UNC, I wouldn't be surprised if they followed suit.



    My 'sources' at Cisco are pretty sure that's what's happening - Duke has a too-flat network, and have been relying on more or less static device behavior. Now that assumption is broken, and they're paying the price for their configuration. Me? I have no opinion or speculation, I just pass along the expert opinion.



    They should be thanking Apple for highlighting they have a poor set up.
  • Reply 5 of 48
    I'm just impressed the little iPhone can generate 10Mbps of traffic!
  • Reply 6 of 48
    louzer Posts: 1,054 member
    Quote:
    Originally Posted by digitalclips View Post


    They should be thanking Apple for highlighting they have a poor set up.



    Right, I'm sure that's why they're trying to call Apple, just to thank them. Or maybe they should complain because, for some reason, the iPhone is crashing their network. Would there be a reason that 18000 students with laptops or other wifi devices all work fine, but throw a few iPhones into the mix, and all of a sudden it's the network's fault? It's not that the phones are asking for a bad router address, it must be because the other routers aren't responding, even though they don't even have that address.



    Then again, maybe if the folks at Duke (or, hell, UNC) stopped patting themselves on the back and congratulating themselves on how great they are, and spent time actually working, they might find the problem.



    And is anyone surprised that the communication has been 'one-way'?
  • Reply 7 of 48
    Quote:
    Originally Posted by bignumbers View Post


    I'm just impressed the little iPhone can generate 10Mbps of traffic!



    I think that's all the iPhones combined, not a single one. They probably have more than a few on their network at any given time.
  • Reply 8 of 48
    wilco Posts: 985 member
    Quote:
    Originally Posted by digitalclips View Post


    They should be thanking Apple for highlighting they have a poor set up.



  • Reply 9 of 48
    Quote:
    Originally Posted by Louzer View Post


    And is anyone surprised that the communication has been 'one-way'?



    I'm not.

    I would be very surprised if they were in direct communication.



    When, if ever, do you hear about two-way communication, other than with the large development companies / preferred partners?
  • Reply 10 of 48
    hdasmith Posts: 145 member
    Quote:
    Originally Posted by bignumbers View Post


    I'm just impressed the little iPhone can generate 10Mbps of traffic!



    Why? The iPhone does have an 802.11g card in it, therefore, it should be able to do 54Mbps.
  • Reply 11 of 48
    mbaynham Posts: 534 member
    Quote:
    Originally Posted by hdasmith View Post


    Why? The iPhone does have an 802.11g card in it, therefore, it should be able to 54Mbps.



    in theory
  • Reply 12 of 48
    kickaha Posts: 8,760 member
    Quote:
    Originally Posted by Louzer View Post


    Right, I'm sure that's why they're trying to call Apple, just to thank them. Or maybe they should complain because, for some reason, the iPhone is crashing their network. Would there be a reason that 18000 students with laptops or other wifi devices all work fine, but throw a few iPhones into the mix, and all of a sudden it's the network's fault? It's not that the phones are asking for a bad router address, it must be because the other routers aren't responding, even though they don't even have that address.



    I think it's that, if they're the only network showing this behavior with a device that is spreading rapidly, then there's a good chance that it is not *just* the device, and not *just* the network, but a combination of the two, wouldn't you agree?



    It's entirely possible it's the iPhone misbehaving - but in that case, how come only Duke is suffering from it? As I said, I suspect their assumptions about network use include that a particular node isn't going to be roaming much. Desktops stay put. Laptops stay put for finite amounts of time, disappear from the network, then appear elsewhere, but in all but a tiny few cases, while they're on, they stay put. Not iPhones. They're going to be moving from WAP to WAP all day long. If their network isn't configured to handle that gracefully, then yeah, they're going to have potential issues.



    Quote:

    Then again, maybe if the folks at Duke (or, hell, UNC) stopped patting themselves on the back and congratulating themselves on how great they are, and spent time actually working, they might find the problem.



    Yup. Early-stage finger-pointing when you're the only one having the issue doesn't really help.



    Quote:

    And is anyone surprised that the communication has been 'one-way'?



    Nope. SOP. Open the ticket, see if the client can offer any further info, filter it down to engineering, get folks connected, get information flowing... it often takes a few days. Most large institutions understand that.
  • Reply 13 of 48
    pmjoe Posts: 565 member
    Quote:
    Originally Posted by solipsism View Post


    While it's possible that the iPhone can be optimized to not send requests as frequently, the fact that routers are being knocked off line by an unintentional DoS attack is the fault of the network administrators.



    They said their "access points". Flood any 802.11b/g access point with enough data and what else would you expect to happen, basically, the bandwidth is full.
  • Reply 14 of 48
    We propped up Cisco APs in our DMZ to support iPhones where I work and things have been working great in these last few weeks. Who really knows what's happening at Duke? Unless you are there and observing the problem all of this is rampant speculation.



    It appears that many in the media have an axe to grind on the iPhone. This is weird, considering the device has a superior design and is well tested. I guess a lot of people would like to see Apple lose.
  • Reply 15 of 48
    maestro64 Posts: 5,043 member
    The Duke guy said that they are using an ARP server for MAC authentications, this tells me that in order for the device to contact the laptop, PDA, or desktop's MAC address must be contained on the ARP server with that that the device will not be allowed to connect. As someone pointed out, their network is probably pretty flat, which is bad if you have a large network. Plus if they are getting continuous requests from an unauthorized device it should ignore the request, not try and process the request.



    Plus, maybe the iPhone is overly aggressive when making its requests so it does not help their situation.



    Duke's IT group should have been more cautious about stating the iPhone has problems because in the end they might be the ones with egg on their face.
  • Reply 16 of 48
    My mega wireless site is fine. Duke must have the world's worst network admin??????
  • Reply 17 of 48
    djdj Posts: 74 member
    I know we're all iPhone fans here, but let's look at this situation with an open mind... Especially because the iPhone is still a new device that may potentially have some issues.



    According to the report the iPhone is flooding the network with ARP requests. For those not fully aware of how IP (Internet Protocol) works, allow me to explain.



    An ARP request is used to match an IP address (such as 192.168.10.10) with a MAC address (these are the physical network addresses that allow computers to identify network traffic source and destinations). The request looks something like "Who has 192.168.10.20? Tell 192.168.10.10." They are sent as broadcast packets because the destination device is not yet known (the whole purpose is to find it) and as such these packets are supposed to be passed along by access points, switches, etc. Only the device that has the requested address is supposed to respond, and other devices are supposed to simply ignore the request.



    ARP requests are only supposed to be used to locate machines on the local network (or subnet). Any time a device needs to talk to a device on the Internet or another segment of the network it sends that traffic through a router. ARP is not supposed to be used in this process because the local computer doesn't need to know the remote machine's MAC address; it couldn't even talk to it if it did know. Because of this, devices should NOT attempt to use ARP to find the address of a computer not on the same network. When a device attempts to talk to a device outside of the local subnet, it is supposed to send that traffic directly to the router, and the router determines where to direct it from there.



    If the iPhone is sending ARP requests for IP addresses not in the network to which it is connected, it is behaving in a manner contrary to the way in which IP was designed. Not only that, but if it sends a request, doesn't receive a response, and repeats the request over and over, it creates even more network traffic. If you have enough of these devices misbehaving like this, you can begin to see how network traffic can really begin to add up.



    It may be true that Duke's network isn't designed to handle broadcasts well, but that doesn't excuse the iPhone from misbehaving in the first place. It doesn't take a lot of broadcast traffic to bring most networks to their knees.



    The other issue here which hasn't been addressed is that this problem could potentially open up security issues, depending on why the iPhone is making these ARP requests and what it is expecting in response. If someone were savvy enough, it would be entirely feasible to forge a response to the requests, then when the iPhone tries to communicate with whatever device it wants to talk to, it wouldn't be hard to forge the conversation and potentially wreak all manner of havoc.



    This sounds to me like a serious issue that should be treated as such. Let's not blame Duke's IT staff entirely here.
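The ARP behaviour described in the article and in reply 17 above (a host repeating a broadcast request that never gets answered, possibly for an address outside its own subnet) can be picked out of a packet capture. The following is an added example, not part of the original article or any commenter's post; the MAC and IP addresses, the subnet and the 50-requests-per-second threshold are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes (RFC 826)

def build_arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Pack an ARP payload; op 1 = request, op 2 = reply."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def find_arp_storms(capture, subnet, max_per_sec=50):
    """Map (mac, target_ip) -> (peak requests/sec, target_is_off_subnet) for
    targets that never answered and were requested above max_per_sec."""
    net = ipaddress.ip_network(subnet)
    answered, per_second = set(), Counter()
    for ts, payload in capture:
        parsed = parse_arp(payload)
        if parsed is None:
            continue  # truncated or non-IPv4 ARP: skip rather than crash
        op, mac, spa, tpa = parsed
        if op == 2:
            answered.add(spa)  # a reply's sender IP is the address that was resolved
        elif op == 1:
            per_second[(mac, tpa, int(ts))] += 1
    findings = {}
    for (mac, tpa, _sec), n in per_second.items():
        if n > max_per_sec and tpa not in answered:
            peak = max(n, findings.get((mac, str(tpa)), (0,))[0])
            findings[(mac, str(tpa))] = (peak, tpa not in net)
    return findings

# Constructed capture: one handset repeats an unanswered request, one laptop resolves normally.
PHONE, LAPTOP, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:fe"
SAMPLE = [(100 + i / 200, build_arp(1, PHONE, "192.168.10.10", "10.0.0.1")) for i in range(200)]
SAMPLE += [(100.1, build_arp(1, LAPTOP, "192.168.10.20", "192.168.10.1")),
           (100.2, build_arp(2, ROUTER, "192.168.10.1", "192.168.10.20", LAPTOP)),
           (100.3, b"\x00\x01")]  # truncated frame
```

Calling `find_arp_storms(SAMPLE, "192.168.10.0/24")` reports only the handset, with its peak rate and a flag showing that the requested address lies outside the local subnet.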
  • Reply 18 of 48
    kickaha Posts: 8,760 member
    Oh, there's definitely something interesting going on between the interaction of the two forces: iPhones, and Duke's network. I don't think either is going to end up being totally blameless. Someone, somewhere, made an engineering decision based on an assumption that isn't holding true.



    Or they just borked it.
  • Reply 19 of 48
    polar315 Posts: 76 member
    Net admin myself for large company. Felt that pain. That said:



    If I was the admin for that network last thing I would have done was gone to the papers. Call up Crisco...open the TAC case and work it out.



    If the admin had any real brains he could have pushed and said I need an iPhone to recreate the issue...
  • Reply 20 of 48
    louzer Posts: 1,054 member
    Quote:
    Originally Posted by Maestro64 View Post


    Duke's IT group should have been more cautious about staying the iphone has problems because in the end they might be the ones with egg on their face.



    No, they shouldn't be more cautious. They already tracked down the cause: it's iPhone traffic. They also know that it's looking for a router that doesn't exist, and requesting continuously for that router (see, even if they are from Duke, they aren't completely clueless - but, really, we all know they're working there because they couldn't get jobs at the Univ. of Maryland).



    From that perspective, they're completely correct. The iPhone is royally screwing up their network. Now, whether it's because of issues with the iPhone itself, or it's their network setup, is a different story.